Which all struck me as quite odd so I tweeted it out. I suggested that it was spam because that’s exactly what it looks like; whoever owns the email address jabooelec@outlook.com is soliciting visits to skrylcomputers.com and certainly on that page, the logo is consistent with the one in the PayPal email. I subsequently had a very awkward to-and-fro via DM with PayPal:

@AskPayPal: Please send us a DM so we can discuss further

@troyhunt: Here is a DM!

@AskPayPal: Can you confirm what email address you received the email from?

So in short, without any feedback from PayPal or other evidence to the contrary, it looks like they’re serving as the delivery mechanism for spam which, of course, won’t be flagged as spam because it’s a “legitimate” email from them. The message in the “invoice” is quite clearly just that – spam – and this is almost certainly an abuse of the PayPal invoicing system.

I assume that there’s either no cost to the sender for a $0 invoice or it’s low enough to justify the upside of the spam. This is one they certainly should get on top of, though, and allow me to make a suggestion: The same account sending out volumes of $0 invoices is probably something that should raise a red flag!
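One way that red flag could be expressed as a detection rule, as an added example that is not from the original post and not PayPal's code: count the distinct recipients of $0 invoices per sending account inside a sliding time window. The record layout, account names, thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample records: (sender account, recipient, amount, created-at).
# The field layout and every value are hypothetical, not PayPal data.
T0 = datetime(2024, 1, 1, 9, 0)

def at(minutes):
    return T0 + timedelta(minutes=minutes)

SAMPLE_INVOICES = [
    ("acct-spam", "a@example.com", "0.00", at(0)),
    ("acct-spam", "b@example.com", "0.00", at(2)),
    ("acct-spam", "c@example.com", "0.00", at(4)),
    ("acct-spam", "d@example.com", "0.00", at(6)),
    ("acct-spam", "a@example.com", "0.00", at(8)),     # repeat recipient
    ("acct-shop", "e@example.com", "25.00", at(1)),
    ("acct-shop", "f@example.com", "0.00", at(3)),     # a single free item
    ("acct-shop", "g@example.com", "40.00", at(5)),
    ("acct-slow", "h@example.com", "0.00", at(0)),
    ("acct-slow", "i@example.com", "0.00", at(1440)),  # one day later
    ("acct-slow", "j@example.com", "0.00", at(2880)),  # two days later
]

def flag_zero_value_senders(invoices, window=timedelta(hours=1), min_recipients=3):
    """Return {sender: peak distinct $0-invoice recipients in any window}
    for senders whose peak reaches min_recipients (assumed thresholds)."""
    zero_by_sender = defaultdict(list)
    for sender, recipient, amount, created in invoices:
        if Decimal(amount) == 0:          # exact decimal compare, no float rounding
            zero_by_sender[sender].append((created, recipient))

    flagged = {}
    for sender, events in zero_by_sender.items():
        events.sort()                     # chronological order
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in events[start:end + 1]}
            peak = max(peak, len(distinct))
        if peak >= min_recipients:
            flagged[sender] = peak
    return flagged

if __name__ == "__main__":
    print(flag_zero_value_senders(SAMPLE_INVOICES))
```

Counting distinct recipients rather than raw invoices keeps a merchant who re-sends one corrected $0 invoice to the same customer from tripping the rule.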